Bug #91387
closedRelax constraints on serializing objects
100%
Description
With security advisory https://typo3.org/security/advisory/TYPO3-CORE-SA-2020-004 new BlockSerializationTrait
has been introduced blocking serialization and deserialization for a couple of classes (see advisory for details). Since this cause a couple of side-effects for valid use-cases, the restriction on serialize()
is removed - which is fine from a security point of view.
Possible use case:
Some system state has to be persisted for documentation purposes, which needs a working serialization. De-serialization is not needed in such cases.
Reported by Gernot Leitgab in https://typo3.slack.com/archives/C0K5MU94J/p1589366052028100
Updated by Gerrit Code Review over 4 years ago
- Status changed from New to Under Review
Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/64486
Updated by Gerrit Code Review over 4 years ago
Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/64486
Updated by Gerrit Code Review over 4 years ago
Patch set 3 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/64486
Updated by Gerrit Code Review over 4 years ago
Patch set 1 for branch 9.5 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/64370
Updated by Oliver Hader over 4 years ago
- Related to Bug #91393: Cachingproblems after recent TYPO3 9.5.17 added
Updated by Oliver Hader over 4 years ago
- Status changed from Under Review to Resolved
- % Done changed from 0 to 100
Applied in changeset 5c48857fc52e0f40b3170da6595813377ad4fe67.
Updated by Oliver Hader over 4 years ago
- Related to Bug #88613: Replace ObjectStorage & LazyObjectStorage with symfony/collection added
Updated by Oliver Hader over 4 years ago
- Related to Bug #91404: After update from 9.5.16 to 9.5.17 I get an error 'Cannot serialize' added
Updated by Oliver Hader over 4 years ago
- Related to Bug #91364: Extbase/CachingFramework - Serialization on 'Closure' is not allowed added